
Trojan Backdoor Activity 45

I constantly get a message that this threat has been blocked: Trojan Backdoor Activity 45

I copied the following information from Norton:

Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking
Computer,Attacker URL,Destination Address,Source Address,Traffic Description
2016/12/24 12:14:30 PM,High,An intrusion attempt by crazyfuckingslavemudak.xyz was blocked.,Blocked,No Action
Required,System Infected: Trojan Backdoor Activity 45,No Action Required,No Action
Required,"crazyfuckingslavemudak.xyz (212.92.127.57, 80)",crazyfuckingslavemudak.xyz/index.php,"JACQUESSWART
(192.168.1.37, 52724)",crazyfuckingslavemudak.xyz (212.92.127.57),"TCP, www-http"
Network traffic from crazyfuckingslavemudak.xyz/index.php matches the signature of a known attack.  The
attack was resulted from \DEVICE\HARDDISKVOLUME3\WINDOWS\EXPLORER.EXE.  To stop being notified for this type of
traffic, in the Actions panel, click Stop Notifying Me.

I then looked up detail on the IP address and found the following:

212.92.127.57 is a valid IPv4 address, probably located in Russian Federation

Whois server responsible for 212.0.0.0/7 is whois.ripe.net

% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '212.92.127.0 - 212.92.127.255'

% Abuse contact for '212.92.127.0 - 212.92.127.255' is 'noc@toldernet.com'

inetnum:        212.92.127.0 - 212.92.127.255
netname:        RU-KOLIIAGIN-19991103
country:        RU
org:            ORG-TL405-RIPE
admin-c:        KI1200-RIPE
tech-c:         KI1200-RIPE
status:         ALLOCATED PA
mnt-by:         RIPE-NCC-HM-MNT
mnt-by:         DNRNET
created:        2016-11-14T12:45:26Z
last-modified:  2016-11-14T12:45:26Z
source:         RIPE

organisation:   ORG-TL405-RIPE
org-name:       Tolder LLC
org-type:       LIR
address:        Pobedy str 107, app 49
address:        03055
address:        Kiev
address:        UKRAINE
admin-c:        KI1200-RIPE
tech-c:         KI1200-RIPE
abuse-c:        AR37737-RIPE
mnt-ref:        TOLDERNET
mnt-by:         RIPE-NCC-HM-MNT
mnt-by:         DNRNET
created:        2016-09-26T07:41:31Z
last-modified:  2016-10-08T10:01:23Z
source:         RIPE # Filtered
phone:          +74953084604

person:         Koliagin Iuurii
remarks:        Tolder LLC
remarks:        www.toldernet.com
address:        Vatskay str 27 app 12
address:        127015
address:        Moscow
address:        Russia
phone:          +74953084604
phone:          +380442909939
nic-hdl:        KI1200-RIPE
mnt-by:         TOLDERNET
created:        2016-09-26T07:41:30Z
last-modified:  2016-10-08T22:13:29Z
source:         RIPE

% This query was served by the RIPE Database Query Service version 1.88 (HEREFORD)

_________________________

Please advise on how I can either permanently stop these intrusions or report the ip address / owner for this abuse.
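Added example, not part of the original post and not Norton or RIPE tooling: Python that parses the alert row and the WHOIS reply quoted above, checks that the remote IP really falls inside the looked-up range, and builds the body of a report for the listed abuse contact. The function names and the report layout are assumptions made for illustration; the sample data is copied from the post.

```python
import csv
import io
import ipaddress
import re

# Alert row and WHOIS excerpt copied from the post above (wrapped lines rejoined).
HEADER = ("Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,"
          "Default Action,Action Taken,Attacking Computer,Attacker URL,"
          "Destination Address,Source Address,Traffic Description")
RECORD = ('2016/12/24 12:14:30 PM,High,An intrusion attempt by '
          'crazyfuckingslavemudak.xyz was blocked.,Blocked,No Action Required,'
          'System Infected: Trojan Backdoor Activity 45,No Action Required,'
          'No Action Required,"crazyfuckingslavemudak.xyz (212.92.127.57, 80)",'
          'crazyfuckingslavemudak.xyz/index.php,"JACQUESSWART (192.168.1.37, 52724)",'
          'crazyfuckingslavemudak.xyz (212.92.127.57),"TCP, www-http"')
WHOIS = """% Abuse contact for '212.92.127.0 - 212.92.127.255' is 'noc@toldernet.com'
inetnum:        212.92.127.0 - 212.92.127.255
netname:        RU-KOLIIAGIN-19991103
"""
ENDPOINT = re.compile(r"^(?P<host>\S+) \((?P<ip>[\d.]+), (?P<port>\d+)\)$")

def parse_alert(header, record):
    """Return the remote and local endpoints of one IPS history row (hypothetical helper)."""
    row = next(csv.DictReader(io.StringIO(header + "\n" + record)))
    return {"time": row["Date & Time"], "alert": row["IPS Alert Name"],
            "url": row["Attacker URL"],
            "remote": ENDPOINT.match(row["Attacking Computer"]).groupdict(),
            "local": ENDPOINT.match(row["Destination Address"]).groupdict()}

def parse_whois(text):
    """Collect the abuse mailbox and the first value of each RPSL attribute."""
    m = re.search(r"^% Abuse contact for .* is '([^']+)'", text, re.M)
    info = {"abuse": m.group(1)} if m else {}
    for line in text.splitlines():
        if line and not line.startswith("%") and ":" in line:
            key, _, value = line.partition(":")
            info.setdefault(key.strip(), value.strip())
    return info

def abuse_report(alert, whois):
    """Build a report body; refuse if the IP is outside the WHOIS range."""
    lo, hi = (ipaddress.ip_address(p.strip()) for p in whois["inetnum"].split("-"))
    if not lo <= ipaddress.ip_address(alert["remote"]["ip"]) <= hi:
        raise ValueError("remote IP is not in the looked-up range")
    host, _, path = alert["url"].partition("/")
    return (f"To: {whois['abuse']}\nNetwork: {whois['inetnum']} ({whois['netname']})\n"
            f"Seen: {alert['time']} (log gives no time zone), local port "
            f"{alert['local']['port']} -> {alert['remote']['ip']}:{alert['remote']['port']}\n"
            f"URL: hxxp://{host.replace('.', '[.]')}/{path}\nDetection: {alert['alert']}")
```

The report keeps the local source port because a hosting provider can match it against its own connection logs, and it defangs the URL so mail filters and readers do not follow it.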

Replies

Kudos0

Re: Trojan Backdoor Activity 45

You must use Norton Power Eraser. Your OS was infected, but Norton is blocking the network activity of the trojan.

Kudos0

Re: Trojan Backdoor Activity 45

@PieterS:

Personally, you're still protected from the said threat. 

Further, which operating system are you using? Windows 8 and/or greater? If so, plz disable Fast Startup and get all of the updates for your system and 3rd-party programs. Run LiveUpdate to keep your Norton current as well. And, you had better set Chrome/Firefox as your default web tool.

To improve the scan results, plz read this comment re junk & PUPs removal: Step 8 ~ 11.

Then scan your system in Safe Mode. 

If those alerts continue, plz contact official Norton Support. Thx

PUP Hunter PRO: Just TRYING to save the world (U) from cyber threats, A single blog post, at a time, and ONCE & FOR ALL. (A fan of Nadia_Kovacs)
Kudos0

Re: Trojan Backdoor Activity 45

Hello Peter

Please sign up with one of the free malware removal sites. An expert will work with you 1 on 1 until your computer is clean. Don't try any quick fixes. Pick one of these sites.

Please see this link for an up to date description of these sites plus the addition of a newly listed site formed by one of our successful malware remover users who unfortunately has passed away. That site is still being run by a good expert who happens to be one of the other Gurus.  The new site is listed first in this link.

https://community.norton.com/en/forums/malware-removal-forum-recommendations

Thanks




 

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NSBU 22.17.0.183 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: Trojan Backdoor Activity 45

Thanks - I have tried Power Eraser but the problem persists. I will try the other options presented. Heartfelt thanks for the assistance. I'm running Win 7 Pro. Best wishes all for the Festive Season and 2017.
Kudos1 Stats

Re: Trojan Backdoor Activity 45

Hello Peter

I would not recommend the use of the Power Eraser as it is an advanced tool and you must be knowledgeable as to what is safe to delete. Some malware can use the name of a system file. If you delete one of those, then you are in trouble and can't reverse the power eraser because you won't be able to boot up.

Do it the safer way and work with a malware removal expert at one of the Forums.

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NSBU 22.17.0.183 Core Firmware 282 I E 11 Chrome latest version.
Kudos1 Stats

Re: Trojan Backdoor Activity 45

"I would not recommend the use of the Power Eraser as it is an advanced tool and you must be knowledgeable as to what is safe to delete."

The user does not need any special expertise. The user must have basic intelligence. Other scanners may not know the threat. NPE is a proactive scanner.

"Some malware can use the name of a system file. If you delete one of those, then you are in trouble and can't reverse the power eraser because you won't be able to boot up."

It does not change anything. NPE is a basic method of solving problems with the protection, and it is recommended by Symantec (https://community.norton.com/en/system/files/u5310181/Capture.JPG). NPE removes the threat before running the OS, which is a safe method. Side issues of infection are another question.

Kudos0

Re: Trojan Backdoor Activity 45

Hello

As it turned out, the customer did use the NPE and it didn't find anything. He is still going to try out one of the free removal sites. I personally won't recommend the NPE. If someone else wants to recommend it to a user who doesn't know a bad file from a safe one, that's fine with me since the choice is up to the user. All I did is express my opinion, which as it turns out is different from some others. That doesn't make my opinion incorrect, it's just another opinion.


https://security.symantec.com/nbrt/npe.aspx

Norton Power Eraser uses our most aggressive scanning technology to eliminate threats that traditional virus scanning doesn’t always detect, so you can get your PC back. Because Norton Power Eraser is an aggressive virus removal tool, it may mark a legitimate program for removal ...


I found this in Google when I looked up Norton Power Eraser. 

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NSBU 22.17.0.183 Core Firmware 282 I E 11 Chrome latest version.
